The Conversation {2 comments}

Your blog software should be more careful with its encoding/escaping too! I assume that’s meant to read “(Or [ampersand character] should have been escaped as [ampersand HTML entity])”

Surely that’s just a bug in the tool though, which appears to be attempting to handle HTML entities and failing (a typical encoding/escaping/injection mistake). I don’t see that asking humans to edit files directly would make it any better.

There should probably be a unit test in the software to read, unserialize and reserialize a complicated file to make sure it’s not making any unintentional changes.
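The round-trip check suggested in the comment above, sketched as an added example that is not part of the original comments or of the tool being discussed. The `key=value` file format, the sample data and the function names are all assumptions made for illustration; the "buggy" writer models an entity-handling mistake of the kind described, not the tool's actual code.

```python
import html

# Constructed sample file: one "key=value" per line, values stored HTML-escaped.
SAMPLE = (
    "title=Tom &amp; Jerry\n"
    "note=use &amp;lt; to show a literal &lt;\n"
    "plain=no entities here\n"
)

def load(text):
    """Parse the file into a dict, decoding entities exactly once."""
    data = {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        data[key] = html.unescape(value)
    return data

def save_buggy(data):
    """Hypothetical bug: decoded values are written back without re-escaping."""
    return "".join(f"{k}={v}\n" for k, v in data.items())

def save_fixed(data):
    """Re-escape on output so that save is the inverse of load."""
    return "".join(f"{k}={html.escape(v, quote=False)}\n" for k, v in data.items())

def round_trip_diff(text, save):
    """Return (line_no, before, after) for every line changed by load + save."""
    before = text.splitlines()
    after = save(load(text)).splitlines()
    diffs = [(i, b, a) for i, (b, a) in enumerate(zip(before, after), 1) if b != a]
    if len(before) != len(after):
        diffs.append((0, f"{len(before)} lines", f"{len(after)} lines"))
    return diffs

def is_stable(text, save):
    """True when one and two round trips both reproduce the input exactly."""
    once = save(load(text))
    return once == text and save(load(once)) == text

if __name__ == "__main__":
    for name, save in (("buggy", save_buggy), ("fixed", save_fixed)):
        print(name, "stable:", is_stable(SAMPLE, save))
        for line_no, before, after in round_trip_diff(SAMPLE, save):
            print(f"  line {line_no}: {before!r} -> {after!r}")
```

With the unescaped writer, a second load of the rewritten file decodes `&lt;` again, so the stored data drifts a little further on every edit; that is why the check runs the round trip twice.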